By Collin Eaton and Dustin Volz
The main pipeline carrying gasoline and diesel fuel to the U.S.
East Coast was shut down by its operator after being hit with a
cyberattack.
Colonial Pipeline Co. operates the 5,500-mile Colonial Pipeline
system taking fuel from the refineries of the Gulf Coast to the New
York metro area. It said it learned Friday that it was the victim
of the attack and "took certain systems offline to contain the
threat, which has temporarily halted all pipeline operations."
The outage isn't expected to have a significant impact on fuel
markets unless the pipeline remains shut down for several days,
analysts said.
In an update Saturday afternoon, the company said it has found
that the cyberattack on Colonial involved ransomware, a type of
code that attempts to seize computer systems and demand payment
from the victim to have them unlocked.
Two people briefed on the probe said the attack appeared to be
limited to information systems and hadn't infiltrated operational
control systems, but cautioned that the investigation was in its
early stages.
The company said it had engaged a third-party cybersecurity firm
to help with the issue, which affected some of its IT systems, and
had contacted federal agencies and law enforcement.
FireEye Inc., a U.S.-based cybersecurity firm, is investigating
the attack, according to people familiar with the matter. A FireEye
spokesman declined to comment.
The Federal Bureau of Investigation and the Cybersecurity and
Infrastructure Security Agency, which works with critical
infrastructure companies on cyber defense, didn't immediately
respond to requests for comment.
It wasn't clear whether the attack was perpetrated by a
nation-state actor or criminal actor. Attributing cyberattacks is
difficult and can often take months or longer.
The Colonial Pipeline is the largest refined-products pipeline
in the U.S., transporting more than 100 million gallons a day, or
roughly 45% of fuel consumed on the East Coast, according to the
company's website. It delivers fuels including gasoline, diesel,
jet fuel and heating oil and serves U.S. military facilities.
"At this time, our primary focus is the safe and efficient
restoration of our service and our efforts to return to normal
operation," the company said in a statement. "This process is
already under way, and we are working diligently to address this
matter and to minimize disruption to our customers."
Colonial spokeswoman Kelsey Tweed said the company didn't have
further details to provide at this time.
Privately held Colonial is owned by several entities, including
units of investment firm IFM Investors, Koch Industries Inc., KKR
& Co. Inc. and Royal Dutch Shell PLC. KKR declined to comment.
IFM, Shell and Koch didn't immediately respond to requests for
comment.
Inventories of gasoline have been readied for the summer driving
season and usually get replenished every five to six days. But if
the pipeline remains offline for days, shortages at terminals that
receive fuel in the southeastern U.S. and Atlantic Coast markets
could begin to affect retail stations and consumers, said Andy
Lipow, president of consulting firm Lipow Oil Associates in
Houston.
"It's similar to a hurricane event where the pipeline gets shut
down, so if it's for a day or two then the impact will be
mitigated," Mr. Lipow said.
The fuel artery is critical to supplying the northeastern U.S.
and other markets, and extended shutdowns of the pipeline have
caused fuel prices to jump.
Fuel prices rose in 2016 following a Colonial pipeline leak in
Alabama that closed the conduit, as they did in 2008 when Hurricane
Ike smashed into the Gulf Coast.
It is also among the many aging U.S. pipelines that were built
before 1970, having started full operations in 1964.
An outage lasting more than five days could have sharp
consequences for fuel supplies, particularly in the southeast U.S.,
as inventory levels there are fairly tight, said Tom Kloza, global
head of energy analysis for Oil Price Information Services, or
OPIS, an IHS Markit company.
"If you were looking at the top 20 public targets that you could
really wreak havoc with by screwing with the software, the Colonial
Pipeline is in that group," Mr. Kloza said. "It's a big deal."
Still, areas along the northern Atlantic Coast have ample fuel
supplies amid a rise in foreign imports, particularly from Europe,
he said.
Cyberattacks targeting critical infrastructure or key companies,
some by suspected foreign actors, have become a growing area of
concern for the U.S. national security officials.
Russian hackers, for example, have been blamed by Western
intelligence agencies for temporarily downing parts of Ukraine's
power grid in the winter. Pipelines have long been viewed as an
area of concern for these kinds of attacks, in part because halting
their operations can have immediate impact.
President Biden in April announced punitive measures against
Russia, blaming suspected Russian agents for a month-long hack of
the U.S. government and some of America's biggest corporations.
That attack involved SolarWinds Corp. , a network-management
technology firm whose software was one of the primary entry-points
for the hackers, but extended beyond its software. It has been
described as one of the worst instances of cyber espionage in U.S.
history.
U.S. officials in recent months have ramped up warnings about
such hacks. The number of ransomware incidents has risen
dramatically during the coronavirus pandemic, cybersecurity experts
say, targeting schools, hospitals and companies.
On Wednesday, Homeland Security Secretary Alejandro Mayorkas
said his agency is dedicating more resources to counter ransomware
aimed at locking up government and private-sector computer
networks. And the Justice Department last month announced a new
task force dedicated to ransomware.
"The threat is real. The threat is upon us. The risk is to all
of us," Mr. Mayorkas said.
Mike Chapple, a cybersecurity expert at the University of Notre
Dame and former National Security Agency official, said the
Colonial Pipeline attack appeared to show the hackers were
"extremely sophisticated" or that the systems weren't properly
secured.
"This pipeline shutdown sends the message that core elements of
our national infrastructure continue to be vulnerable to
cyberattack," Mr. Chapple said.
If the attack originated from malware or ransomware that
infected systems, potentially inadvertently, then network issues
could be fixed in a matter of days or weeks, depending on how well
prepared Colonial was to respond to an attack, said Grant Geyer,
chief product officer of software firm Claroty, which specializes
in industrial cybersecurity.
But if a nation-state directed the attack, it would require an
extensive cybersecurity response to fix vulnerabilities that could
serve as a "backdoor" for infections later.
"A lot of the systems that control industrial environments are
managed by, in some cases, antiquated Windows systems that are rife
with vulnerabilities," Mr. Geyer said, adding the problem is
particularly acute in the energy industry.
Miguel Bustillo and David Uberti contributed to this
article.
Write to Collin Eaton at collin.eaton@wsj.com and Dustin Volz at
dustin.volz@wsj.com
(END) Dow Jones Newswires
May 08, 2021 17:09 ET (21:09 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.
Shell (LSE:RDSA)
Historical Stock Chart
From Aug 2024 to Sep 2024
Shell (LSE:RDSA)
Historical Stock Chart
From Sep 2023 to Sep 2024